BitTorrent Sync Could Keep Data Under Wraps

BitTorrent's cross-platform file syncing software could provide some relief for privacy- and security-minded individuals, since data is not housed in a central hub. However, BitTorrent is not exactly the most trusted name on the Internet, thanks to widespread use of its P2P software for piracy. BitTorrent has taken pains to distance itself from such activities, but the association persists.

By Richard Adhikari
Jul 18, 2013 5:00 AM PT

BitTorrent, whose P2P software has been widely used by software pirates, hackers and IP thieves -- as well as for legitimate purposes -- on Wednesday released the beta version of BitTorrent Sync, which is designed to sync files across devices.

BitTorrent has characterized Sync as a response to the limitations on speed, size and space associated with personal data movement, as well as the challenges to privacy and security -- issues that have loomed larger in recent weeks following revelations about the National Security Agency's PRISM program, which reportedly seeks access to the communications of virtually all Americans.

The Sync beta includes two of the features most commonly requested by users of the Alpha version, released to the public in April: mobile syncing and archiving.

Users of the Alpha version synced more than 8 petabytes of data across devices since its release, BitTorrent said.

The company did not respond to our request for further details.

What BitTorrent Sync Offers

Sync is a free application that has no storage limits and that can serve both as a public backup system and a shared drive.

Sync can maintain files across Windows, Mac OS X, Linux, and now Android devices. An iOS client is under development.

The beta includes a basic versioning capability, which consists of a folder that gives users access to archives of the most recently updated previous versions of their synced files.

Other features are one-way synchronization; a feature called "One-Time Secrets"; the ability to exclude specific files or directories from being synced; support for additional types of network-attached storage devices; an improved Linux WebUI; and bug fixes.

Each folder can be configured to use different connectivity options.

All transfers between devices are secured with 256-bit AES encryption. Access authorization is managed and secured by an encrypted 32-character unique password that restricts access to clients that are configured with this password, meaning files are safe from unauthorized access.

The Making of Sync

The BitTorrent protocol was changed so it would let users exchange a list of files in several folders, and detect file changes and propagate them across nodes.

BitTorrent decided not to make Sync cloud-based or to rely on back-end servers. This eliminates wrestling with the cost of adding more servers as traffic grows; maintains a higher level of security; and makes syncing faster because data is synced directly between devices instead of first going to a server hub.

BitTorrent and the Bad Guys

BitTorrent technology is based on an Internet standard technology known as "RFC 5694," and the company uses an overlay network "so that any group of computers can independently create a peer-to-peer network to share digital content without a central authority," Craig Young, a security researcher for Tripwire, told LinuxInsider.

That openness has allowed BitTorrent to be used by hackers and content-sharing sites to the extent that it has been described as being harmful to intellectual property.

"They are going to have to establish credibility, and the first thing I thought when I heard their name was, not a chance," Jim McGregor, principal analyst at Tirias Research, told LinuxInsider.

Safety Is What You Make of It

While mobile syncing appears useful, it could increase the vulnerability of Android users, at least because "otherwise APK vulnerabilities will be widespread," remarked Randy Abrams, research director at NSS Labs.

APK is the file format used to distribute and install application software and middleware onto Android. An APK master key vulnerability that lets hackers modify legitimate Android apps into Trojans recently was discovered in Android.

Sync's AES encryption "will make it a lot easier to get past enterprise IT filters," Abrams told LinuxInsider.

Further, the AES encryption might not be proof against PRISM's surveillance, Tripwire's Young pointed out.

While data transfers should be safe from most prying eyes, he said, "the AES-256 standard was approved by the NSA."